drop unused zerotier controller code #105
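--- a/UNKNOWN-PATH-1
+++ b/UNKNOWN-PATH-1
@@ -8,8 +8,6 @@
 ./homepage.nix
 ./postfix.nix
 ./jobs.nix
-../zerotier
-../zerotier/ctrl.nix
 ../dev.nix
 ];
 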
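--- a/UNKNOWN-PATH-2
+++ /dev/null
@@ -1,8 +0,0 @@
-# zerotier controller & client config
-These modules implement a simple bash based controller (./ctrl.nix) and
-the config to join the VPN. External people who want to join just have to copy
-./default.nix into their configuration and rebuild switch.
-
-The configured network uses only ipv6 addresses, they are distributed by 6plane.
-Which gives every host a /80.
-Reference: https://gist.github.com/laduke/fa1e9a68a79d9038ab117ad0ab69927a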
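--- a/UNKNOWN-PATH-3
+++ /dev/null
@@ -1,37 +0,0 @@
-{ config, lib, pkgs, ... }:
-{
-environment.systemPackages = [
-(pkgs.writers.writeDashBin "zt-init" ''
-set -efux
-NODEID=$(cat /var/lib/zerotier-one/identity.public | cut -d: -f1)
-NEW_NET=$(${pkgs.curl}/bin/curl -X POST "http://localhost:9993/controller/network/''${NODEID}______" -H "X-ZT1-AUTH: $(sudo cat /var/lib/zerotier-one/authtoken.secret)" -d {})
-'')
-(pkgs.writers.writeDashBin "zt-network-edit" ''
-set -efux
-TMP_NET_CONFIG=$(mktemp)
-trap 'rm -f "$TMP_NET_CONFIG"' EXIT
-NETWORK_ID=''${NETWORK_ID:-$(zerotier-cli listnetworks -j | jq -r '.[0] | .id')}
-${pkgs.curl}/bin/curl "http://localhost:9993/controller/network/''${NETWORK_ID}" -H "X-ZT1-AUTH: $(sudo cat /var/lib/zerotier-one/authtoken.secret)" -d {} > "$TMP_NET_CONFIG"
-$EDITOR "$TMP_NET_CONFIG"
-${pkgs.curl}/bin/curl "http://localhost:9993/controller/network/''${NETWORK_ID}" -H "X-ZT1-AUTH: $(sudo cat /var/lib/zerotier-one/authtoken.secret)" -d @"$TMP_NET_CONFIG"
-'')
-(pkgs.writers.writeDashBin "zt-member-ls" ''
-set -eu
-NETWORK_ID=''${NETWORK_ID:-$(zerotier-cli listnetworks -j | jq -r '.[0] | .id')}
-cat /var/lib/zerotier-one/controller.d/network/$NETWORK_ID/member/* | jq -s
-'')
-(pkgs.writers.writeDashBin "zt-member-auth" ''
-set -efux
-MEMBER_ID=$1
-if ! printf '%s' $MEMBER_ID | grep -q '^[0-9a-f]\{10\}$'; then
-echo '$MEMBER_ID is not a valid member id'
-exit 1
-fi
-URL='http://localhost:9993/controller/'
-TOKEN=''${TOKEN:-$(cat /var/lib/zerotier-one/authtoken.secret)}
-NETWORK_ID=''${NETWORK_ID:-$(zerotier-cli listnetworks -j | jq -r '.[0] | .id')}
-
-curl -fSs -H "X-ZT1-AUTH: $TOKEN" "$URL/network/$NETWORK_ID/member/$MEMBER_ID" -d '{"authorized": true}'
-'')
-];
-}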
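--- a/UNKNOWN-PATH-4
+++ /dev/null
@@ -1,45 +0,0 @@
-{ lib, pkgs, ... }:
-{
-networking.firewall.allowedTCPPorts = [
-9993
-993 # zt-tcp-proxy
-];
-networking.firewall.allowedUDPPorts = [ 9993 ];
-networking.firewall.interfaces."zt+".allowedTCPPorts = [ 5353 ];
-networking.firewall.interfaces."zt+".allowedUDPPorts = [ 5353 ];
-
-# Note avahi was super slow. systemd-resolved worked much faster for mdns
-systemd.network.networks.zerotier = {
-matchConfig.Name = "zt*";
-networkConfig = {
-LLMNR = true;
-LLDP = true;
-MulticastDNS = true;
-KeepConfiguration = "static";
-};
-};
-
-systemd.services.zt-tcp-proxy = {
-wantedBy = [ "multi-user.target" ];
-after = [ "zerotier-one.service" ];
-serviceConfig = {
-Type = "simple";
-# imap port
-ExecStart = "${pkgs.callPackage ../../pkgs/zerotier-tcp-proxy.nix {
-zerotierProxyPort = 993;
-}}/bin/zerotier-tcp-proxy";
-Restart = "always";
-RestartSec = 5;
-DynamicUser = true;
-User = "zt-tcp-proxy";
-Group = "zt-tcp-proxy";
-AmbientCapabilities = "CAP_NET_BIND_SERVICE";
-};
-};
-
-services.zerotierone = {
-enable = true;
-joinNetworks = [ "33d87fa6bd93423e" ];
-};
-nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "zerotierone" ];
-}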
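--- a/UNKNOWN-PATH-5
+++ /dev/null
@@ -1,26 +0,0 @@
-{ stdenv, fetchFromGitHub, fetchpatch, zerotierProxyPort ? 443 }:
-stdenv.mkDerivation {
-name = "zerotier-tcp-proxy";
-src = fetchFromGitHub {
-owner = "zerotier";
-repo = "ZeroTierOne";
-rev = "008a768f15763aa4b1c73434cdc517b6b4e3f997";
-hash = "sha256-BX589KbO+6eoyUo7UUDEL7pyIgpUE25deax+dmvGGG4=";
-};
-patches = [
-(fetchpatch {
-url = "https://github.com/zerotier/ZeroTierOne/commit/dd2006d494e85a41d8b818b37460e7cf458a2aee.patch";
-hash = "sha256-nuao04pDha7h62RHviUZYx21p6bNOyiU78kBBq2o2Rs=";
-})
-];
-buildPhase = ''
-pushd tcp-proxy
-sed -i -e "s/ZT_TCP_PROXY_TCP_PORT.*443/ZT_TCP_PROXY_TCP_PORT ${toString zerotierProxyPort}/g" tcp-proxy.cpp
-cat tcp-proxy.cpp
-make -j $NIX_BUILD_CORES CXX=$CXX
-popd
-'';
-installPhase = ''
-install -D -m 755 tcp-proxy/tcp-proxy $out/bin/zerotier-tcp-proxy
-'';
-}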
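--- a/UNKNOWN-PATH-6
+++ /dev/null
@@ -1,32 +0,0 @@
-{ lib
-, rustPlatform
-, fetchFromGitHub
-, fetchpatch
-}:
-
-rustPlatform.buildRustPackage {
-pname = "zt-tcp-relay";
-version = "unstable-2022-08-02";
-
-src = fetchFromGitHub {
-owner = "alexander-akhmetov";
-repo = "zt-tcp-relay";
-rev = "2d4541d77807d57d5c303a1babfabf7f445e3946";
-hash = "sha256-6CkVvBRMsyAPBdkDBM1REJjM+3vs+ws/qCmQOfFInMw=";
-};
-
-patches = [
-# https://github.com/alexander-akhmetov/zt-tcp-relay/pull/19
-(fetchpatch {
-url = "https://github.com/alexander-akhmetov/zt-tcp-relay/commit/69f0a4f1f210dcd7a305036d4737d9a29215824d.patch";
-hash = "sha256-kqZS9IjwEggLE6CQFaacL2TyTUn0PQCz1TPdoZdDrk0=";
-})
-];
-
-cargoHash = "sha256-MDygbJRi1aT4hfI7b2hwhYJ4UJyR1DehDAHDgbDZ35g=";
-
-meta = {
-description = "ZeroTier One TCP relay";
-homepage = "https://github.com/alexander-akhmetov/zt-tcp-relay";
-};
-}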